The disclosure relates to distributing cryptographic data. More particularly, the methods and systems described herein relate to distributing cryptographic data to trusted recipients.
Conventional systems for digital rights management are typically proprietary systems that provide functionality for securing—e.g., via one or more of encrypting, controlling access, and authenticating—shared data objects stored within the system and accessed by users of the system. However, such systems do not typically extend to securing data objects once the data objects are shared with individuals external to the system or for securing data objects created outside the system.
Although individuals may implement cryptographic functions without the use of a digital rights management system, such functions typically require a level of technical sophistication unavailable to the average individual. Further, even for sophisticated users, there are a number of well-known drawbacks to standard cryptographic techniques. For example, symmetric key cryptography (e.g., the Advanced Encryption Standard (AES) in the United States) allows for password-protection of data objects but does not prevent authorized users from sharing the password with unauthorized users and is reliant upon the strength of the password. As another example, asymmetric key cryptography (also referred to as public key cryptography) is an underlying, and well-known, technology for a number of security implementations; however, public key cryptography depends upon a user's ability to access the public key of any other user with whom she wishes to share a secured data object. Since maintaining a public key is not yet a mainstream activity, this approach is not an option for many individuals—even a technologically-sophisticated individual will not be able to implement this functionality if she wishes to share secured data objects with individuals who do not have public keys.